Using radio monitoring to identify threats.
Vorobyov Sergey Viktorovich
USE OF RADIO MONITORING TO IDENTIFY THREAT
The article discusses the use of radio monitoring to detect the preparation of a threat. The characteristics of its effectiveness are assessed, recommendations for practical application are given.
It is known that any major legal or illegal actions are preceded by a preparation stage, which is usually associated with inspection and study of the area. Portable radio stations are often used for interaction between group members during preliminary preparation and directly during the event. Based on this, it can be assumed that an increase in the intensity of uncontrolled radio equipment near the security facility may be associated with preparation of an attack on it.
The intensity of radio equipment operation near the protected object can be assessed using radio monitoring of the airwaves; however, it is difficult to unambiguously link it to the preparation of a threat for the following reasons. Firstly, at the initial stage, the main characteristics of the detected signals (radio frequency, modulation type, location and time of radio exchange) are unknown; secondly, a large number of various radio transmitting devices (cellular and trunking radio telephones, radio and television broadcast transmitters, paging communications, etc.) operate in the city, which create interference for the signal detector. Some of this interference can be eliminated if detectors are used that allow prohibiting (blanking) the analysis of frequency bands occupied by permanently operating radio stations. However, signals from other sources (for example, mobile subscribers of trunking and cellular communications) will continue to create interference.
It can be assumed that when preparing an external threat, the area around the protected object will be of greatest interest to intruders. When using radio communication means, the signal level from them will be on average higher than from other sources, which allows signal selection by level. Thus, at the initial stage of signal detection, the task of setting the detector sensitivity is relevant so as to maximize the probability of detection of an unknown signal, the source of which is located near the protected object, with a minimum probability of false alarm. These probabilities characterize the efficiency of the considered method of threat detection.
In general, the signal and interference powers at the detector input are random variables, so the problem is reduced to detecting radio signals with previously unknown parameters against a background of interference. This problem can be solved using the apparatus of statistical decision theory. In this case, differences in the statistical characteristics of the power of the detected signal and interference are used to separate the signals.
Obviously, if you set a very low detection threshold (i.e. ensure good sensitivity), the detector will register signals from large distances, i.e. from signal sources that are not of interest (the probability of a false alarm is high). Against the background of this interference, the appearance of signals caused by the preparation of a threat may not be detected. If you set a high detection threshold, the opposite will happen — the detector will not react not only to interference, but also to signals caused by the preparation of a threat. In practice, as a rule, people are interested in the average time between two false detections.
In Fig. 1 and 2 show approximate dependencies of the probability of false alarm (Plt) and correct detection (Rob), as well as the average time between false alarms on the detector threshold (Uп).
| Fig. 1. Approximate dependency of the probability of false alarm (Plt) and correct detection (Rob) on the detector threshold (Uп). |
|
 |
Fig. 2. Approximate dependence of the average time between false alarms (T) on the detector threshold (Uп). |
The probability of a false alarm strongly depends on many factors:
- location of the protected facility;
- time of day;
- activity of subscribers of radio equipment, etc.,
therefore, its value must be assessed separately in each specific case. In practical terms, the use of radio monitoring for threat assessment is as follows. At the first stage, it is necessary to select and purchase a scanning receiver or a hardware and software radio monitoring complex that ensures signal selection by level, as well as the ability to blank signals of permanent radio stations. It is desirable that these tools have the ability to collect statistics on intercepted signals. The number of radio monitoring posts depends on the ratio of the size of the protected object and the controlled area. Usually, its size does not exceed hundreds of meters from the border of the object, since at large distances, monitoring the object is difficult. Thus, if the size of the protected object is no more than tens of meters (for example, an office, etc.), then it is enough to organize one radio monitoring post, if the object occupies a significant area (for example, a parking lot, a terminal, etc.), then several posts must be placed evenly around the perimeter of the object every 150 — 200 m, or near the most vulnerable places. It should be noted that with the appropriate technical solution, only antennas can be placed in the specified locations, and the collection and processing of information is possible at one post.
The next step is to prepare the equipment. First, it is necessary to blank the signals of the permanent radio equipment. Then, using standard simplex VHF radio stations, conduct control communication sessions around the protected object from places of potential interest in the preparation of a threat (for example, nearby streets, entrances, etc.). In the radio monitoring equipment, set the maximum threshold value, at which a confident registration of these signals is still ensured. The next step is collecting statistics on false alarms. Assuming that there is no preparation of a threat, it is necessary to collect statistics on false detection. Since these statistics are highly dependent on the time of day and day of the week, this operation must be performed with reference to time. For example, during the week, record the number of false alarms (N) per hour every hour, then plot hourly graphs of the obtained values for a working day and a day off. An approximate view of the graph is shown in Fig. 3, where the range of values for the number of false alarms (N) received on different days is highlighted.
 |
Fig. 3. Approximate graph of the dependence of the number of false alarms (N) on time. |
After the preparatory period, you can start working, which consists of the following: the operator, using the prepared schedule, should conduct an hourly comparison of the number of registered signals with the number of false alarms (N) for a given hour. A significant excess of the number of registered signals over the value obtained from the schedule should be perceived as a need for increased attention and additional security measures. In this case, in order to increase the reliability of making a decision on the need to increase security measures, it is possible to conduct a more detailed analysis of the intercepted signals, for example, by checking their grouping by radio frequencies or time, assessing the semantic content of negotiations, etc.
Thus, properly organized radio monitoring of the air can provide some assistance in identifying an impending threat and contribute to increasing the reliability of the facility's security.
Currently, a large number of various equipment for radio monitoring (from simple scanners to automated complexes) with a wide range of characteristics that can be used according to the above methodology are presented on the market.